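Deploying and Configuring a Harbor Private Registry over HTTP
Harbor is an open-source, cloud-native image registry: an enterprise-grade Registry server for storing and distributing container images. It extends the open-source Docker Distribution by adding features that enterprises need, such as security, identity, and management. As an enterprise private Registry server, Harbor offers better performance and security.
1. Preparation
- Download the Harbor offline installer
Download the offline installer from the Harbor GitHub releases page, for example harbor-offline-installer-v2.11.0.tgz.
- Install Docker and Docker Compose
Make sure Docker and Docker Compose are already installed on the target machine.
2. Installation and deployment
Upload harbor-offline-installer-v2.11.0.tgz to the machine to be deployed and extract it: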
bash
[root@k8s ~]# tar xf harbor-offline-installer-v2.11.0.tgz
[root@k8s ~]# cd harbor
[root@k8s harbor]# ls
common.sh harbor.v2.11.0.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
Configure Harbor:
shell
[root@k8s harbor]# cp harbor.yml.tmpl harbor.yml
[root@k8s harbor]# vi harbor.yml
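Edit the harbor.yml file and configure it according to your actual needs:
yaml
hostname: 192.168.0.159 # IP of the deployment machine; a domain name also works
...
http:
  port: 80 # HTTP port
...
harbor_admin_password: Harbor12345 # admin password for the web UI
...
database:
  password: root123 # root password of the backend database
...
data_volume: /data/harbor # data storage path
...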
If you deploy only the HTTP service, you must disable https; otherwise HTTP requests are redirected to HTTPS:
yaml
...
# https related config
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
# enable strong ssl ciphers (default: false)
# strong_ssl_ciphers: false
...
Load the images and start Harbor:
shell
# Create the directory that holds the data
[root@k8s harbor]# mkdir -p /data/harbor
[root@k8s harbor]# sh install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 26.1.4
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.27.1
[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-core:v2.11.0
Loaded image: goharbor/harbor-db:v2.11.0
Loaded image: goharbor/nginx-photon:v2.11.0
Loaded image: goharbor/trivy-adapter-photon:v2.11.0
Loaded image: goharbor/redis-photon:v2.11.0
Loaded image: goharbor/registry-photon:v2.11.0
Loaded image: goharbor/prepare:v2.11.0
Loaded image: goharbor/harbor-portal:v2.11.0
Loaded image: goharbor/harbor-log:v2.11.0
Loaded image: goharbor/harbor-jobservice:v2.11.0
Loaded image: goharbor/harbor-registryctl:v2.11.0
Loaded image: goharbor/harbor-exporter:v2.11.0
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
WARN[0000] /root/harbor/docker-compose.yml: `version` is obsolete
[+] Running 9/0
✔ Container harbor-portal Removed 0.0s
✔ Container harbor-jobservice Removed 0.0s
✔ Container registryctl Removed 0.0s
✔ Container harbor-core Removed 0.0s
✔ Container redis Removed 0.0s
✔ Container harbor-db Removed 0.0s
✔ Container registry Removed 0.0s
✔ Container harbor-log Removed 0.0s
✔ Network harbor_harbor Removed 0.0s
[Step 5]: starting Harbor ...
WARN[0000] /root/harbor/docker-compose.yml: `version` is obsolete
[+] Running 10/10
✔ Network harbor_harbor Created 0.0s
✔ Container harbor-log Started 0.4s
✔ Container harbor-portal Started 1.2s
✔ Container registry Started 1.0s
✔ Container harbor-db Started 0.8s
✔ Container redis Started 1.2s
✔ Container registryctl Started 0.8s
✔ Container harbor-core Started 1.4s
✔ Container harbor-jobservice Started 1.7s
✔ Container nginx Started 1.7s
✔ ----Harbor has been installed and started successfully.----
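Note:
If containers with the same names, such as redis or nginx, already exist on the machine, they will also cause the Harbor deployment to fail. Stop any containers that might conflict before deploying.
3. Checking the deployment
- Check the status of the Harbor services
shell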
[root@k8s harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cb5c79df4e4c goharbor/harbor-jobservice:v2.11.0 "/harbor/entrypoint...." 3 minutes ago Up 3 minutes (healthy) harbor-jobservice
39486ae87f17 goharbor/nginx-photon:v2.11.0 "nginx -g 'daemon of..." 3 minutes ago Up 3 minutes (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
09098205ec51 goharbor/harbor-core:v2.11.0 "/harbor/entrypoint...." 3 minutes ago Up 3 minutes (healthy) harbor-core
0e968a41d58c goharbor/redis-photon:v2.11.0 "redis-server /etc/r..." 3 minutes ago Up 3 minutes (healthy) redis
8552f9919837 goharbor/harbor-db:v2.11.0 "/docker-entrypoint...." 3 minutes ago Up 3 minutes (healthy) harbor-db
4985901e00f5 goharbor/harbor-portal:v2.11.0 "nginx -g 'daemon of..." 3 minutes ago Up 3 minutes (healthy) harbor-portal
9c297f67dd64 goharbor/harbor-registryctl:v2.11.0 "/home/harbor/start...." 3 minutes ago Up 3 minutes (healthy) registryctl
e0d91f7bfd29 goharbor/registry-photon:v2.11.0 "/home/harbor/entryp..." 3 minutes ago Up 3 minutes (healthy) registry
3c06f80eb9f0 goharbor/harbor-log:v2.11.0 "/bin/sh -c /usr/loc..." 3 minutes ago Up 3 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
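- Access the Harbor web interface
Open a browser, go to http://192.168.0.159, and log in with the administrator username (admin by default) and the password set in the configuration file.
Docker connects to registries over HTTPS by default; add the following configuration to use an HTTP registry:
shell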
[root@k8s ~]# cat /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": [
"https://registry.docker-cn.com",
"https://registry-1.docker.io",
"https://registry.hub.docker.com",
"https://mirror.baidubce.com",
"https://ccr.ccs.tencentyun.com",
"https://wnsrsn9i.mirror.aliyuncs.com"
],
"insecure-registries": ["192.168.0.159"] # the added entry (annotation only; JSON does not allow comments)
}
[root@k8s ~]# systemctl restart docker # restart for the change to take effect
# Test that login works
[root@k8s ~]# docker login -u admin -p Harbor12345 http://192.168.0.159
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
- Test pushing an image
shell
[root@k8s ~]# docker tag nginx:1.27.0 192.168.0.159/library/nginx:1.27.0
[root@k8s ~]# docker push 192.168.0.159/library/nginx:1.27.0
The push refers to repository [192.168.0.159/library/nginx]
3cf30c944fca: Pushed
16d40ad06803: Pushed
cf1614267117: Pushed
e5ec4dd3995c: Pushed
e8186e892c11: Pushed
a9a1ca1cae25: Pushed
1387079e86ad: Pushed
1.27.0: digest: sha256:9d1cac272a1ff8c4f4d6607940f179c9716b28c956231e61ae40a63990400c15 size: 1778
[root@k8s ~]#
Note:
library is the project that ships with Harbor by default; create custom projects to store container images according to your own needs.
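The harbor.yml values from step 2 and the daemon.json entry from step 3 can be checked mechanically before such a host is used outside a lab. The script below is an added example, not part of the original article or of Harbor: the function names are hypothetical, and the sample files are constructed from the values shown on this page.

```shell
#!/bin/sh
# Value of a top-level "key: value" line, trailing comment stripped.
yml_top() {            # yml_top FILE KEY
    sed -n "s/^$2:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*#.*$//' | head -n 1
}

# Value of KEY nested directly under the top-level SECTION.
yml_nested() {         # yml_nested FILE SECTION KEY
    awk -v sec="$2" -v key="$3" '
        /^[^ \t#]/ { in_sec = ($0 ~ "^" sec ":"); next }
        in_sec && $1 == key ":" { sub(/[ \t]*#.*$/, ""); print $2; exit }' "$1"
}

# Print one FINDING line per risky harbor.yml setting.
audit_harbor_yml() {   # audit_harbor_yml FILE
    if [ "$(yml_top "$1" harbor_admin_password)" = "Harbor12345" ]; then
        echo "FINDING: harbor_admin_password is still the value shown in this guide"
    fi
    if [ "$(yml_nested "$1" database password)" = "root123" ]; then
        echo "FINDING: database.password is still the value shown in this guide"
    fi
    if ! grep -q '^https:' "$1"; then
        echo "FINDING: https section disabled, credentials and images travel in cleartext"
    fi
}

# List registries that Docker is allowed to reach without verified TLS.
audit_daemon_json() {  # audit_daemon_json FILE
    { tr -d '\n' < "$1"; echo; } |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)\].*/\1/p' |
        tr ',' '\n' | tr -d ' "' |
        sed -n 's/^\(..*\)$/FINDING: \1 is exempt from TLS verification and may use plain HTTP/p'
}

# Constructed sample files mirroring the values on this page (not real output).
make_samples() {       # make_samples DIR
    printf '%s\n' 'hostname: 192.168.0.159' 'http:' '  port: 80' '#https:' '#  port: 443' \
        'harbor_admin_password: Harbor12345  # admin password for the web UI' \
        'database:' '  password: root123' 'data_volume: /data/harbor' > "$1/harbor.yml"
    printf '%s\n' '{' '  "exec-opts": ["native.cgroupdriver=systemd"],' \
        '  "insecure-registries": ["192.168.0.159"]' '}' > "$1/daemon.json"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_harbor_yml "$demo_dir/harbor.yml"
audit_daemon_json "$demo_dir/daemon.json"
rm -rf "$demo_dir"
```

On a real host, point the two audit functions at the harbor.yml in the installer directory and at /etc/docker/daemon.json; no output means none of the three settings from this guide remain.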
4. Troubleshooting common issues
- Make sure the firewall allows the Harbor ports
bash
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
- Check the Docker and Docker Compose versions
Make sure the installed Docker and Docker Compose versions meet Harbor's minimum requirements.
- docker login to the registry is refused
bash
[root@k8s ~]# docker login -u admin -p Harbor12345 http://192.168.0.159
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://192.168.0.159/v2/: dial tcp 192.168.0.159:443: connect: connection refused